Preliminary Amendment filed August 1, 2005 
Amendments to the Claims: 

This listing of claims will replace all prior versions and listings of claims in the application. 

Claims 1-29 are amended. 
Listing of Claims: 

1. (Currently Amended) A method for authenticating a user of a first terminal in a
communication system, characterized in that wherein the method comprises the steps of:

setting up a first logical channel via a communication network between a first terminal
and a service provider; and

identifying the identity of the user of the first terminal after the first logical channel set up
via a second logical channel other than the established first logical channel between the service
provider and the first terminal prior to providing any services to the user of the first terminal.

2. (Currently Amended) The method according to claim 1, characterized in that wherein the
method further comprises the steps of:

sending a user identification request from the service provider to the first terminal via the
second logical channel while the first logical channel exists between the first terminal and the
service provider;

receiving the user identification request with the first terminal while the first logical
channel exists;

digitally signing the request;

sending the signed request with the first terminal via the second logical channel;

authenticating the user of the first terminal and verifying the digital signature; and

providing the user with services provided by the service provider via the first logical
channel.

3. (Currently Amended) The method according to claim 1, characterized in that wherein the
method further comprises the steps of:

sending a user identification request for the user of the first terminal from the service
provider to a second terminal via the second logical channel while the first logical channel exists
between the first terminal and the service provider;

receiving the user identification request with the second terminal while the first logical
channel exists;

digitally signing the request;

sending the signed request with the second terminal via the second logical channel;

authenticating the user of the second terminal and verifying the digital signature; and

providing the user of the first terminal with services provided by the service provider via
the first logical channel.

4. (Currently Amended) The method according to claim 1, characterized in that
wherein the method further comprises the steps of:

sending a user identification request for the user of the first terminal from the service
provider to a second terminal via the second logical channel, the user identification request
comprising also a challenge;

receiving the user identification request comprising the challenge with the second
terminal;

digitally signing the request comprising the challenge;

sending the signed request with the second terminal via the second logical channel;

providing the user of the first terminal with the challenge with the second terminal;

providing the service provider with the challenge acquired from the user of the second
terminal;

comparing the challenge in the signed message from the second terminal and the
challenge provided by the user of the first terminal; and if the challenges are equal,

authenticating the user of the second terminal and verifying the digital signature; and

providing the user of the first terminal with services provided by the service provider via
the first logical channel.

5. (Currently Amended) The method according to claim 1, 2, 3 or 4, characterized in that
wherein the first and/or second logical channel refers to a packet switched connection.

6. (Currently Amended) The method according to claim 1, 2, 3 or 4, characterized in that
wherein the first and/or second logical channel refers to a circuit switched connection.

7. (Currently Amended) The method according to claim 1, 2, 3 or 4, characterized in that
wherein the method further comprises the step of:

arranging a security gateway forming an interface towards the first and/or second
terminal.

8. (Currently Amended) The method according to claim 7, characterized in that wherein the
method further comprises the steps of:

identifying the service provider with the security gateway;

sending a user identification request from the service provider to the security gateway;

sending the user identification request from the security gateway to the first terminal via
the second logical channel;

receiving the identification request with the first terminal;

digitally signing the request;

sending the signed request to the security gateway via the second logical channel;

retrieving a certificate related to the user of the first terminal;

authenticating the identity of the user of the first terminal and verifying the digital
signature; and

providing the user of the first terminal a service provided by the service provider via the
existing first logical channel.

9. (Currently Amended) The method according to claim 7, characterized in that wherein the
method further comprises the steps of:

identifying the service provider with the security gateway;

sending a user identification request of the user of the first terminal from the service
provider to the security gateway;

sending the user identification request from the security gateway to a second terminal via
the second logical channel;

receiving the user identification request with the second terminal;

digitally signing the request;

sending the signed request of the security gateway via the second logical channel;

retrieving a certificate related to the user of the second terminal;

authenticating the identity of the user of the second terminal and verifying the digital
signature; and

providing the user of the first terminal a service provided by the service provider via the
existing first logical channel.

10. (Currently Amended) The method according to claim 2, 3, 4, 8 or 9 characterized in that
wherein the method further comprises the step of:

encrypting the user identification request sent to the first and/or second terminal using
symmetric or asymmetric encryption; and

encrypting the signed request sent from the first and/or second terminal using symmetric
or asymmetric encryption.

11. (Currently Amended) The method according to claim 8, wherein or 9, characterized in
that the method further comprises the steps of:

encrypting the signed user identification request sent to the security gateway using
symmetric or asymmetric encryption.

12. (Currently Amended) The method according to claim 8, wherein or 9, characterized in
that the method further comprises the steps of:

retrieving with the security gateway a certificate related to the user of the first and/or
second terminal;

creating and sending a validating message to the service provider; and

validating the user of the first and/or second terminal with the service provider based on
the validating message and validating information.

13. (Currently Amended) The method according to claim 8, wherein or 9, characterized in
that the method further comprises the steps of:

retrieving with the security gateway validation information comprising at least a
certificate related to the user of the first and/or second terminal;

authenticating the identity of the user of the first and/or second terminal with the security
gateway based on the validation information; and

sending a positive validation message to the service provider if the result of the validation
was positive.

14. (Currently Amended) The method according to claim 1, characterized in that wherein if
the first logical channel fails during the validation procedure, the method further comprises the
steps of:

creating a challenge;

encrypting the challenge with the public encryption key of the user of the first terminal;

sending the encrypted challenge to the first terminal;

decrypting the encrypted challenge in the first terminal;

setting up a new logical channel to the service provider;

providing the service provider with the decrypted challenge; and if the challenge is
acceptable,

providing the user of the first terminal via the logical channel with a service provided by
the service provider.

15. (Currently Amended) The method according to claim 14, characterized in that wherein
the method further comprises the step of:

sending the encrypted challenge to the first terminal via a security gateway.

16. (Currently Amended) A system for authenticating a user of a first terminal in a 
communication system, the system comprising: 

a communication network (NET),
a first terminal (DTE) associated with the communication network (NET),
a service provider (SP) associated with the communication network (NET),
a service provider (SP) associated with the communication network (NET),
a certificate service provider (CA),
characterized in that the system further comprises:

sending means (SM) for sending a user identification request to the first terminal (DTE)
or a second terminal (DTE2); and

identifying means (ID) for identifying the identity of the user of the first terminal (DTE)
after a first logical channel has been set up via a second logical channel other than the
established first logical channel between the service provider and the first terminal (DTE) prior
to providing any services to the user of the first terminal (DTE) based on the information
provided by the certificate service provider (CA).

17. (Currently Amended) The system according to claim 17, characterized in that wherein
the system further comprises:

a security gateway (GW) in connection with the service provider (SP) and certificate
service provider (CA).

18. (Currently Amended) The system according to claim 17, characterized in that wherein
the security gateway (GW) is managed by the service provider (SP).

19. (Currently Amended) The system according to claim 17, characterized in that wherein
the security gateway (GW) is managed by a third party.

20. (Currently Amended) The system according to claim 16, characterized in that wherein
said sending means (SM) are arranged in the service provider (SP).

21. (Currently Amended) The system according to claim 16, wherein or 17, characterized in
that said sending means (SM) are arranged in the service provider (SP) and security gateway
(GW).

22. (Currently Amended) The system according to claim 16, wherein or 17, characterized in
that said identifying means (ID) are arranged in the service provider (SP) and/or security
gateway (GW).

23. (Currently Amended) The system according to claim 16, characterized in that wherein
the service provider (SP) comprises:

first encrypting means (EN1) for encrypting information; and
first decrypting means (DE1) for decrypting information.

24. (Currently Amended) The system according to claim 17, characterized in that wherein
the security gateway (GW) comprises:

second encrypting means (EN2) for encrypting information; and
second decrypting means (DE2) for decrypting information.

25. (Currently Amended) The system according to claim 16, characterized in that wherein
the first terminal (DTE) and/or second terminal (DTE2) comprises:

third encrypting means (EN3) for encrypting information; and
third decrypting means (DE3) for decrypting information.

26. (Currently Amended) The system according to claim 20, wherein or 21, characterized in
that said sending means (SM) are arranged to send a challenge to the first terminal (DTE) in the
event that the logical channel set up between the first terminal (DTE) and service provider (SP)
fails.

27. (Currently Amended) The system according to claim 20, wherein or 21, characterized in
that said sending means (SM) are arranged to send a challenge to the second terminal (DTE2).

28. (Currently Amended) The system according to any of the claims 16-27 claim 16,
characterized in that wherein the communication network is a GSM network.

29. (Currently Amended) The system according to any of the claims 16-27 claim 16,
characterized in that wherein the communication network is a GSM network with the GPRS
feature.

30. (Currently Amended) The system according to any of the claims 16-27 claim 16,
characterized in that wherein the communication network is an UMTS, a CDMA, a WCDMA, an
EDGE, a Bluetooth, or a WLAN network.

31. (New) A system for authenticating a user of a first terminal in a communication system,
the system comprising:

a communication network (NET),
a first terminal (DTE) associated with the communication network (NET), 
a service provider (SP) associated with the communication network (NET), 
a service provider (SP) associated with the communication network (NET), 
a certificate service provider (CA), 

a sender (SM) for sending a user identification request to the first terminal (DTE) or a 
second terminal (DTE2); and 

an identifier (ID) for identifying the identity of the user of the first terminal (DTE) after a 
first logical channel has been set up via a second logical channel other than the established first 
logical channel between the service provider and the first terminal (DTE) prior to providing any 
services to the user of the first terminal (DTE) based on the information provided by the 
certificate service provider (CA). 
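
Added example (not part of the filing and not the applicant's implementation): a minimal Python model of the flow recited in claim 4, in which the service provider grants service on the first channel only when the request signed by the second terminal verifies and the challenge inside it equals the challenge the user typed on the first terminal. The class and function names, the request format and the six-digit challenge are assumptions; a Lamport one-time signature stands in for the unspecified signature scheme so that only the standard library is needed, and the certificate lookup is reduced to a dict of public keys.

```python
import hashlib, hmac, secrets

def H(b): return hashlib.sha256(b).digest()

def keygen():  # Lamport one-time key pair (stand-in scheme; one signature per key)
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    return sk, [(H(a), H(b)) for a, b in sk]

def _bits(msg):  # the 256 bits of the message digest, most significant bit first
    return [(byte >> k) & 1 for byte in H(msg) for k in range(7, -1, -1)]

def sign(sk, msg):
    return [sk[i][b] for i, b in enumerate(_bits(msg))]

def verify(pk, msg, sig):
    return len(sig) == 256 and all(
        hmac.compare_digest(H(s), pk[i][b])
        for i, (s, b) in enumerate(zip(sig, _bits(msg))))

class ServiceProvider:  # hypothetical model of the SP side
    def __init__(self, certs):
        self.certs = certs    # user -> public key; stands in for the CA certificate
        self.pending = {}     # session on the first channel -> (user, request)

    def send_request(self, session, user):
        """Build the identification request that goes out on the second channel."""
        challenge = f"{secrets.randbelow(10**6):06d}"
        request = f"identify|{session}|{user}|{challenge}".encode()  # constructed format
        self.pending[session] = (user, request)
        return request

    def authenticate(self, session, signed_request, signature, typed_challenge):
        """True only if the signature verifies and both challenge copies match."""
        user, request = self.pending.pop(session, (None, b""))  # single use
        if user is None or not hmac.compare_digest(signed_request, request):
            return False      # unknown session or altered request
        if not verify(self.certs[user], signed_request, signature):
            return False      # signer's key does not match the certificate
        signed_challenge = signed_request.rsplit(b"|", 1)[1]
        return hmac.compare_digest(signed_challenge, typed_challenge.encode())

def run(typed=None, forged=False):
    """One login: terminal 2 signs, the user types the challenge on terminal 1."""
    sk, pk = keygen()
    sp = ServiceProvider({"alice": pk})
    request = sp.send_request("session-1", "alice")
    signer = keygen()[0] if forged else sk       # forged: key not in the certificate
    shown = request.rsplit(b"|", 1)[1].decode()  # challenge displayed on terminal 2
    return sp.authenticate("session-1", request, sign(signer, request), typed or shown)
```

`run()` succeeds, while `run(typed="wrong")` and `run(forged=True)` are refused; a second `authenticate` call for the same session is also refused because the pending request is consumed on first use.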